<?php

/**
 * @author FROSTY (valik619)
 * @site nadmad.ru
 * @mail valik619@inbox.ru
 */
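 $root = '../'; // relative path to the site root, used below for includes and links
$title = 'WBCMS - wap blogs CMS';

// core.php is expected to provide the DB connection and the globals this script
// reads ($lang, $set, $uid, $rights, $kmess) — none of them are defined in this file.
include('../system/core.php');

#error_reporting(2047);

// Requested action. A missing or non-string `a` parameter (e.g. ?a[]=x) falls back
// to '' so that trim() never receives an array and the switch takes its default case.
$action = (isset($_GET['a']) && is_string($_GET['a']))
    ? htmlspecialchars(trim($_GET['a']))
    : '';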

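switch ($action) {

    // Default action: show the post title, the comment form and one page of comments.
    default:
        include('../system/head.php');

        // The post id is interpolated into SQL, a form action and several links
        // below, so it is forced to an integer before any use. The original passed
        // the raw query-string value straight into the queries (SQL injection) and
        // into the markup (reflected XSS). The 'delete' case already cast its id.
        $pr = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;

        $namecat = mysql_query("SELECT * FROM `posts` WHERE `id` = '$pr' LIMIT 1");
        $nc = $namecat ? mysql_fetch_assoc($namecat) : false;

        // NOTE(review): the post name is printed exactly as stored. Whether it was
        // HTML-escaped when the post was saved is not visible here — confirm, and
        // escape on output if it was not.
        echo '<div class="title">'.$nc['name'].'</div>';

        echo '<div id="imenu">';

        // Only the row count of this result is used (pagination and the footer).
        $posts = mysql_query("SELECT * FROM `comments` WHERE `pid` = '$pr'");
        $total = $posts ? mysql_num_rows($posts) : 0;

        // NOTE(review): the form carries no anti-CSRF token; see the 'say' case.
        echo '<form action="index.php?a=say&amp;id='.$pr.'" method="post">';
        echo '<p>'.$lang['youcom'].'</p>';

        include($root.'system/inc/auto.php'); // BB-code auto-insert helper

        echo '</p>';
        echo '<textarea name="soft" id="post" maxlength="200"></textarea><br />';

        echo '<p><input type="submit" name="submit" value="'.$lang['add'].'"/></form></p>';

        // Pagination. A page number below 1 would give a negative LIMIT offset and a
        // failed query, so it is clamped to the first page.
        $page = isset($_GET['p']) ? intval($_GET['p']) : 1;
        if ($page < 1) {
            $page = 1;
        }
        $allpage = ceil($total / $kmess);
        $start = $page * $kmess - $kmess;

        if (!$total) {
            echo '<div class="info">'.$lang['comnot'].'</div>';
        } else {
            // Offset and page size are cast so that only integers reach the LIMIT clause.
            $post = mysql_query(
                "SELECT * FROM `comments` WHERE `pid` = '$pr' ORDER BY `time` DESC LIMIT "
                .(int) $start.','.(int) $kmess
            );
            while ($row = mysql_fetch_assoc($post)) {
                echo '<p>';
                echo '<div id="comments">';

                // Look up the comment author; uid 0 is what 'say' stores for guests.
                $authorId = (int) $row['uid'];
                $usename = mysql_query("SELECT * FROM `users` WHERE `id` = '$authorId'");
                $n = mysql_fetch_assoc($usename);

                // functions::user() prints the author header; the '</div>' echoed
                // below (in both branches of the original) presumably closes an
                // element it opens — its markup is not visible in this file.
                echo ''.functions::user($n, $row).'';

                if ($rights == 1) {
                    // Delete link, shown only when $rights == 1.
                    echo '<div class="info"><a href="index.php?a=delete&amp;id='.(int) $row['id'].'" style="float: right;">X</a></div>';
                }
                echo '</div>';

                // NOTE(review): 'say' stores comment text without HTML-escaping, so
                // functions::bbcode() must escape it before expanding tags; if it
                // does not, this line is a stored-XSS sink. Confirm in functions.
                $text = functions::bbcode($row['text']);
                echo '<div class="comm">'.functions::smileys($text).'</div>';

                echo '</div>'; //comments //name
                echo '</p>';
            }
        }

        echo '<div class="info"><a href="'.$root.'smile.php">'.$lang['smiley'].'</a></div>';

        if ($total > $kmess) {
            echo '<p>';
            functions::navigation($allpage, "index.php?id=".$pr."&amp;p={p}", 1);
            echo '</p>';
        }

        echo '</div>';
        echo '<div class="title">'.$lang['total'].': '.$total.' | <a href="../posts/index.php?id='.$pr.'">'.$lang['back'].'</a></div>';
        echo '</div>';

        break;

    // Store a new comment for post `id`, then redirect back to the comment list.
    case 'say':
        // Cast for the same reason as in the default case: the id goes into the
        // INSERT and into the Location header.
        $pr = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
        $text = (isset($_POST['soft']) && is_string($_POST['soft'])) ? trim($_POST['soft']) : '';

        // strlen() counts bytes, so multi-byte text reaches the limit sooner than
        // 300 characters; the form's maxlength is 200.
        if (!$text || strlen($text) > 300) {
            include('../system/head.php');
            echo ''.$lang['vtext'].' | (max 300)';
            break;
        }

        // Logged-in users are recorded by id, guests as uid 0.
        // NOTE(review): $uid comes from core.php and is assumed to be a numeric id.
        $authorId = !empty($uid) ? (int) $uid : 0;

        // NOTE(review): no anti-CSRF token is verified before the write, and the
        // target post is not checked for existence. Both need session/token support
        // that is not visible in this file.
        mysql_query(
            "INSERT INTO `comments` (`id`, `uid`, `pid`, `text`, `time`) VALUES ("
            ."NULL, '$authorId', '$pr', '".mysql_real_escape_string($text)."', '".time()."')"
        );

        header('Location: http://'.$set['home'].'/comments/index.php?id='.$pr.'');

        break;

    // Delete one comment; only allowed when $rights == 1.
    case 'delete':
        // NOTE(review): this is a state-changing request made with a plain GET link
        // and no anti-CSRF token, so any page a privileged user visits can trigger
        // it. It should become a POST with a per-session token once the token
        // plumbing exists.
        if ($rights == 1) {
            $pr = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
            $zapros = mysql_query("SELECT * FROM `comments` WHERE `id` = '$pr'");
            if (!$zapros || !mysql_num_rows($zapros)) {
                echo 'ERROR! This comment doesn`t exists!';
            } else {
                $daa = mysql_fetch_assoc($zapros);
                mysql_query("DELETE FROM `comments` WHERE `id` = '$pr'");
                // Back to the comment list of the post the comment belonged to.
                header('Location: http://'.$set['home'].'/comments/index.php?id='.(int) $daa['pid'].'');
            }
        } else {
            echo 'ERROR! Permission danied!';
        }

        break;

}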

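// Title for the page footer; setting it is recommended for SEO.
// $nc is assigned only by the default (view) action of the switch above and is
// false when the post does not exist. In every other case the bare interpolation
// produced an empty string plus an undefined-variable notice; isset() keeps the
// same resulting value without the notice.
// NOTE(review): confirm how foot.php prints $title — the name is used as stored.
$title = isset($nc['name']) ? (string) $nc['name'] : '';

include('../system/foot.php');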

/**
 * @author FROSTY (valik619)
 * @site nadmad.ru
 * @mail valik619@inbox.ru
 */

?>